RECEIVED
CENTRAL FAX CENTER
JUN 28 2007

1-6. (Canceled).

7. (Currently Amended) A wireless network intrusion detection and prevention 
system, comprising: 

a plurality of monitor agent applications installed on a plurality of wireless network 
devices for collecting wireless event data from a wireless network; 

a plurality of wireless access points for providing access to the wireless network for
the plurality of wireless network devices; 

a secure communications link for providing secure communications between the 
plurality of wireless network devices and other components of the wireless network 
intrusion detection and prevention system; 

a cooperative decision engine for collecting wireless event data from the plurality of 
monitor agent applications installed on the plurality of wireless network devices the
plurality of wireless network devices and the plurality of wireless access points, for
screening the wireless event data for normal events and abnormal events, for sending 
decision data to a response initiator adaptive feedback engine based on processing of the 
normal event and abnormal events and for receiving state data from the response initiator 
adaptive feedback engine; 

a fuzzy association engine including an adaptive learning detection system for 
adaptively detecting abnormal events and preventing similar abnormal events based on 
wireless event data received from the cooperative decision engine; and 

a response initiator adaptive feedback engine for receiving decision data from the
cooperative decision engine, for sending state information to the cooperative decision
engine, for sending response control information to a plurality of wireless access points
through the secure communications link, and for maintaining a running mistrust level for
the plurality of wireless network devices and the plurality of wireless access points on the
wireless network,

wherein the running mistrust level of the response initiator adaptive
feedback engine includes a plurality of mistrust levels and a plurality of
associated response mechanisms,

wherein the plurality of response mechanisms include a plurality of
security protection suites, and

wherein the plurality of security protection suites include an encryption
method, a secure hash method, a Diffie-Hellman group method, a method of
encryption key authentication and a mistrust level decrement interval.

8. (Original) The wireless network intrusion detection and prevention system of
Claim 7 further comprising a plurality of smart wireless antenna subsystems associated 
with the plurality of wireless access points. 

9. (Canceled). 

10. (Original) The wireless network intrusion detection and prevention system of
Claim 7 wherein the secure communications link includes wireless encrypted
communications.

11. (Original) The wireless network intrusion detection and prevention system of
Claim 7 wherein the cooperative decision engine includes a wireless event anomaly profiler,
a normal wireless event profile database and a set of wireless event misuse rules. 

12. (Original) The wireless network intrusion detection and prevention of Claim 7
wherein the response initiator adaptive feedback engine sends alarms and wireless event
log files to a network administrator, and receives manual control from the network
administrator.

13. (Canceled).

14. (Canceled).

15. (Canceled).

16. (Currently Amended) The wireless network intrusion detection and
prevention of Claim 43 7 wherein the plurality of associated response mechanisms includes
continuing normal operation, cycling between ft the plurality of security protection suites,
switching radio frequency bands, or excluding a wireless network device or wireless access
point from the wireless network and requesting re-authentication and re-login of the
wireless network device or wireless access point on the wireless network.

17. (Original) The wireless network intrusion detection and prevention of Claim 7
where the decision data includes X, Y coordinates for a physical location of a monitor agent
application, wireless network or device, wireless access point where a wireless anomaly
event has been detected, a confidence level in the detected wireless anomaly event, a type of
wireless anomaly and a mistrust level decrement value from a security protection suite.

18. (Currently Amended) The wireless network intrusion detection and
prevention of Claim 4 S A wireless network intrusion detection and prevention
system, comprising:

a plurality of monitor agent applications installed on a plurality of wireless
network devices for collecting wireless event data from a wireless network;

a plurality of wireless access points for providing access to the wireless
network for the plurality of wireless network devices;

a secure communications link for providing secure communications
between the plurality of wireless network devices and other components of the
wireless network intrusion detection and prevention system;

a cooperative decision engine for collecting wireless event data from the
plurality of monitor agent applications installed on the plurality of wireless
network devices the plurality of wireless network devices and the plurality of
wireless access points, for screening the wireless event data for normal events
and abnormal events, for sending decision data to a response initiator adaptive
feedback engine based on processing of the normal event and abnormal events
and for receiving state data from the response initiator adaptive feedback
engine;

a fuzzy association engine including an adaptive learning detection system
for adaptively detecting abnormal events and preventing similar abnormal
events based on wireless event data received from the cooperative decision
engine;

a response initiator adaptive feedback engine for receiving decision data
from the cooperative decision engine, for sending state information to the cooperative
decision engine, for sending response control information to a plurality of
wireless access points through the secure communications link, and for
maintaining a running mistrust level for the plurality of wireless network
devices and the plurality of wireless access points on the wireless network and,

where a mistrust level is associated with the a mistrust level decrement value and
is calculated with:

$M_{new} = M + \alpha\beta - M_{dec\_val}$,

where $M_{new}$ is a new mistrust level, $M$ is an old mistrust level, $\alpha$ is a confidence level
in a detected anomaly, $\beta$ is a weight assigned to a type of anomaly and, $M_{dec\_val}$ is a mistrust
level decrement value.
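
Added example, not part of the filing or the applicants' code: the claim 18 update, read as new level = old level + confidence x anomaly weight - decrement value, kept per node and mapped to the response mechanisms listed in claim 16. The weights, thresholds, floor at zero, anomaly names and the node name `sta-1` are assumptions made for the illustration; the claims give no values.

```python
from dataclasses import dataclass, field

# Constructed values: the claims name these quantities but give no numbers.
ANOMALY_WEIGHT = {"deauth_flood": 4.0, "mac_spoof": 6.0, "rogue_ap": 8.0}  # beta
THRESHOLDS = [  # (minimum mistrust level, response mechanism from claim 16)
    (0.0, "continue_normal_operation"),
    (3.0, "cycle_security_protection_suite"),
    (6.0, "switch_radio_frequency_band"),
    (9.0, "exclude_and_require_reauthentication"),
]


@dataclass
class MistrustTracker:
    """Running mistrust level per wireless device or access point."""
    decrement: float = 0.5            # M_dec_val of the active suite (assumed)
    levels: dict = field(default_factory=dict)

    def _apply(self, node: str, increase: float) -> float:
        old = self.levels.get(node, 0.0)
        # M_new = M + alpha*beta - M_dec_val; the floor at 0 is an assumption.
        new = max(0.0, old + increase - self.decrement)
        self.levels[node] = new
        return new

    def observe(self, node: str, anomaly_type: str, confidence: float) -> float:
        """Fold one piece of decision data into the node's mistrust level."""
        if not 0.0 <= confidence <= 1.0:
            raise ValueError("confidence (alpha) must be within [0, 1]")
        if anomaly_type not in ANOMALY_WEIGHT:
            raise ValueError(f"no weight defined for anomaly {anomaly_type!r}")
        return self._apply(node, confidence * ANOMALY_WEIGHT[anomaly_type])

    def quiet_interval(self, node: str) -> float:
        """A decrement interval with no anomaly: only the decay term applies."""
        return self._apply(node, 0.0)

    def response(self, node: str) -> str:
        """Pick the strongest response whose threshold the level has reached."""
        level = self.levels.get(node, 0.0)
        return max(t for t in THRESHOLDS if level >= t[0])[1]


def demo() -> list:
    """Constructed event sequence for one station; returns (level, response)."""
    tracker = MistrustTracker()
    trace = []
    for step in [("rogue_ap", 0.9), ("mac_spoof", 0.5), None, None]:
        if step is None:
            level = tracker.quiet_interval("sta-1")
        else:
            level = tracker.observe("sta-1", *step)
        trace.append((round(level, 2), tracker.response("sta-1")))
    return trace


if __name__ == "__main__":
    for level, action in demo():
        print(level, action)
```

Because the decrement is subtracted on every update, a node that stops producing anomalies drifts back toward the lower response tiers instead of staying excluded.
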

19. (Original) An integrated wireless intrusion detection and prevention security
system, comprising:

a smart wireless antenna subsystem at a physical layer in a wireless network
infrastructure on a wireless network for detecting a direction of arrival of a wireless signal
from a selected wireless network device from a set of a plurality of wireless network devices
on a wireless smart antenna subsystem associated with a wireless access point, for
analyzing the direction of arrival to determine whether the detected signal is from a rogue
wireless network device, and if so, creating a wireless beamform and directing the wireless
signal from the rogue wireless network device to a null area in the wireless signal pattern
being transmitted by the wireless access point; and

a wireless network intrusion detection and prevention system at a data link layer in
the wireless network infrastructure on the wireless network for collecting wireless event
data from the wireless network, analyzing the collected wireless event data for normal and
abnormal wireless events, and for providing network security response controls to the
plurality of wireless network devices and the wireless access point on the wireless network
based on the analyzed collected wireless event data.

20. (Canceled).




21. (Original) The integrated wireless intrusion detection and prevention security 
system of Claim 19 wherein the wireless network intrusion detection and prevention 
system comprises: 

a plurality of monitor agent applications installed on a plurality of wireless network 
devices for collecting wireless event data from a wireless network;

a plurality of wireless access points for providing access to the wireless network for 
the plurality of wireless network devices; 

a secure communications link for providing secure communications between the 
plurality of wireless network devices and other components of the wireless network 
intrusion detection and prevention system; 

a cooperative decision engine for collecting wireless event data from the plurality of 
monitor agent applications installed on the plurality of wireless network devices the
plurality of wireless network devices and the plurality of wireless access points, for
screening the wireless event data for normal events and abnormal events, for sending
decision data to a response initiator adaptive feedback engine based on processing of the
normal event and abnormal events and for receiving state data from the response initiator
adaptive feedback engine;

a fuzzy association engine including an adaptive learning detection system for
adaptively detecting abnormal events and preventing similar abnormal events based on
wireless event data received from the cooperative decision engine; and

a response initiator adaptive feedback engine for receiving decision data from the
cooperative decision engine, for sending state information to the cooperative decision
engine, for sending response control information to a plurality of wireless access points 
through the secure communications link, and for maintaining a running mistrust level for 
the plurality of wireless network devices and the plurality of wireless access points on the 
wireless network. 

22. (Original) A method for wireless intrusion detection and prevention, comprising:

detecting a direction of arrival of a wireless signal from a wireless network device on
a smart wireless antenna subsystem associated with a wireless access point;

analyzing the direction of arrival to determine whether the wireless signal is from a
rogue wireless network device, and if so,

adaptively creating a wireless beamform and directing the wireless signal from the
rogue wireless network device to a null area in a wireless signal pattern being transmitted
by the wireless access point.

23. (Original) The method of Claim 22 further comprising a computer readable
medium having stored therein instructions for causing a processor to execute the steps of 
the method. 

24. (Canceled).

25. (Currently Amended) A method for wireless intrusion detection and 
protection security, comprising: 

maintaining plural mistrust levels for a plurality of wireless signals for a plurality 
wireless network devices and for a plurality of wireless access points on a wireless network 
by a wireless security system; 

detecting a wireless signal for a wireless event for a selected wireless network device 
or selected wireless access point on a smart wireless antenna subsystem; 

determining a mistrust level for the detected wireless signal via the wireless 
security system with an adapting learning system including a neural network using
decision data created on the wireless security system from the detected wireless signal from
the smart wireless antenna subsystem;

comparing the determined mistrust level to a mistrust level stored for the plural
wireless signals for the plural wireless network devices and plural wireless access points; 
and 

applying a selected security response control from the wireless security system 
based on the determined mistrust level to selected wireless network device or wireless 
access point, 

wherein the neural network includes a Back Propagation Neural Network
with positive training created with new detected wireless signal data, and

wherein the Back Propagation Neural Network includes a training vector;

wherein $SS_{Cn}$ is a detected wireless signal strength measured at an associated
wireless access point P for a selected wireless network device Cn in a particular
position $(X_{Cn}, Y_{Cn})$ and where $X_P$ is an X location of the selected wireless access
point P, $Y_P$ is a Y location of the selected wireless access point P and $X_{Cn}$, $Y_{Cn}$ are
X,Y coordinates of the selected wireless network device.

26. (Original) The method of Claim 25 further comprising a computer readable
medium having stored therein instructions for causing a processor to execute the steps of
the method.

27. (Original) The method of Claim 25, wherein the step of determining a mistrust
level includes analyzing the detected wireless signal for normal wireless events and 
abnormal wireless events. 

28. (Original) The method of Claim 27, wherein the step of determining a mistrust 
level includes analyzing the detected wireless signal for normal wireless events and 
abnormal wireless events in association with an adaptive learning detection system that
collects and analyzes normal wireless events and abnormal wireless events over a time 
period T using a neural network that is adaptively and dynamically updated based on new 
detected wireless signals for normal wireless events and abnormal wireless events. 

29. (Canceled). 

30. (Canceled).

31. (Original) The method of Claim 25 wherein the decision data in the step of 
determining a mistrust level includes X,Y coordinates for a wireless network device or a 
wireless access point, a confidence level for the detected wireless signal, a type of wireless 
signal anomaly and mistrust level decrement interval from a security protection suite.

32. (Original) The method of Claim 25 wherein step of applying a selected security
response control includes cycling among a plurality of security protection suites, switching
wireless bands, requiring re-authentication and/or re-identification, forcing the selected
wireless network device or wireless access point off the wireless network. 

33. (Currently Amended) The method of Claim 32 A method for wireless
intrusion detection and protection security, comprising:

maintaining plural mistrust levels for a plurality of wireless signals for a
plurality wireless network devices and for a plurality of wireless access points on
a wireless network by a wireless security system;

detecting a wireless signal for a wireless event for a selected wireless
network device or selected wireless access point on a smart wireless antenna
subsystem;

determining a mistrust level for the detected wireless signal via the
wireless security system using decision data created on the wireless security
system from the detected wireless signal from the smart wireless antenna
subsystem;

comparing the determined mistrust level to a mistrust level stored for the
plural wireless signals for the plural wireless network devices and plural
wireless access points; and

applying a selected security response control from the wireless security
system based on the determined mistrust level to selected wireless network
device or wireless access point, including cycling among a plurality of security
protection suites, switching wireless bands, requiring re-authentication and/or
re-identification, forcing the selected wireless network device or wireless access
point off the wireless network,

wherein the plurality of security protection suites include an encryption method, a
secure hash method, a Diffie-Hellman group method, a method of encryption key
authentication and a mistrust level decrement value.

34. (Original) The method of Claim 25 wherein step of applying a selected security 
response control includes cycling among a plurality of security protection suites as mistrust 
level is changed for a selected wireless network device or a wireless access point based on 
the determined mistrust level. 

35. (Currently Amended) The method of Claim 25 wherein the step of applying a
selected security response control includes A method for wireless intrusion detection
and protection security, comprising:

maintaining plural mistrust levels for a plurality of wireless signals for a
plurality wireless network devices and for a plurality of wireless access points on
a wireless network by a wireless security system;

detecting a wireless signal for a wireless event for a selected wireless
network device or selected wireless access point on a smart wireless antenna
subsystem;

determining a mistrust level for the detected wireless signal via the
wireless security system using decision data created on the wireless security
system from the detected wireless signal from the smart wireless antenna
subsystem;

comparing the determined mistrust level to a mistrust level stored for the
plural wireless signals for the plural wireless network devices and plural
wireless access points; and

applying a selected security response control from the wireless security
system based on the determined mistrust level to selected wireless network
device or wireless access point, including directing the selected wireless network
device or wireless access point to a wireless null in a wireless signal pattern with the smart
wireless antenna subsystem.

36. (Original) The method of Claim 25 wherein the smart wireless antenna
subsystem operates at physical layer in a wireless network infrastructure on the wireless
network.

37. (Original) The method of Claim 25 wherein the wireless security system 
operates at data-link layer or higher layers in a wireless network infrastructure on the 
wireless network. 

38. (New) The method of Claim 33 further comprising a computer readable medium 
having stored therein instructions for causing one or more processors to execute the steps of 
the method. 

39. (New) The method of Claim 35 further comprising a computer readable medium 
having stored therein instructions for causing one or more processors to execute the steps of
the method.